2525from django .shortcuts import render , redirect
2626from django .template .defaultfilters import filesizeformat
2727from django .utils .translation import ugettext as _
28+ from django .views .decorators .clickjacking import xframe_options_exempt
2829from django .views .decorators .csrf import csrf_exempt
2930from ldap3 import Server , Connection , ALL
3031from ldap3 .core .exceptions import LDAPExceptionError
@@ -654,7 +655,7 @@ def lotd(request):
654655 'note' : _ ('msg.note.lossoftrailingdigits' ),
655656 }
656657 if request .method == 'POST' :
657- number = request .POST [ "number" ]
658+ number = request .POST . get ( "number" )
658659 d ['number' ] = number
659660 if number is not None and - 1 < float (number ) < 1 :
660661 d ['result' ] = float (number ) + 1
@@ -667,7 +668,7 @@ def roe(request):
667668 'note' : _ ('msg.note.roundofferror' ),
668669 }
669670 if request .method == 'POST' :
670- number = request .POST [ "number" ]
671+ number = request .POST . get ( "number" )
671672 d ['number' ] = number
672673 if number is not None and number is not "0" and number .isdigit ():
673674 d ['result' ] = float (number ) - 0.9
@@ -680,7 +681,7 @@ def te(request):
680681 'note' : _ ('msg.note.truncationerror' ),
681682 }
682683 if request .method == 'POST' :
683- number = request .POST [ "number" ]
684+ number = request .POST . get ( "number" )
684685 d ['number' ] = number
685686 if number is not None and number is not "0" and number .isdigit ():
686687 d ['result' ] = 10.0 / float (number )
@@ -695,7 +696,7 @@ def mojibake(request):
695696 }
696697 if request .method == 'POST' :
697698 request .encoding = 'ISO-8859-1'
698- input_str = request .POST [ "string" ]
699+ input_str = request .POST . get ( "string" )
699700 if input_str is not None :
700701 d ['msg' ] = input_str .title ()
701702 return render (request , 'mojibake.html' , d )
@@ -708,7 +709,7 @@ def xss(request):
708709 'note' : _ ('msg.note.xss' ),
709710 }
710711 if request .method == 'POST' :
711- input_str = request .POST [ "string" ]
712+ input_str = request .POST . get ( "string" )
712713 if input_str is not None :
713714 d ['msg' ] = input_str [::- 1 ]
714715 return render (request , 'xss.html' , d )
@@ -720,8 +721,8 @@ def sqlijc(request):
720721 'note' : _ ('msg.note.sqlijc' ),
721722 }
722723 if request .method == 'POST' :
723- name = request .POST [ "name" ]
724- password = request .POST [ "password" ]
724+ name = request .POST . get ( "name" )
725+ password = request .POST . get ( "password" )
725726 d ['users' ] = User .objects .raw ("SELECT * FROM easybuggy_user WHERE ispublic = 'true' AND name='" + name +
726727 "' AND password='" + password + "' ORDER BY id" )
727728 return render (request , 'sqlijc.html' , d )
@@ -773,6 +774,31 @@ def unrestrictedsizeupload(request):
773774 return render (request , 'unrestrictedsizeupload.html' , d )
774775
775776
777+ @xframe_options_exempt
778+ def clickjacking (request ):
779+ if not request .user .is_authenticated :
780+ return redirect_login (request )
781+ d = {
782+ 'title' : _ ('title.clickjacking.page' ),
783+ 'note' : _ ('msg.note.clickjacking' ),
784+ }
785+ if request .method == 'POST' and "username" in request .session :
786+ username = request .session ["username" ]
787+ mail = request .POST .get ("mail" )
788+ if mail is not None :
789+ try :
790+ from django .contrib .auth .models import User
791+ User .objects .filter (is_superuser = True )
792+ u = User .objects .get (username = username )
793+ u .email = mail
794+ u .save ()
795+ d ['complete' ] = True
796+ except Exception as e :
797+ logger .exception ('Exception occurs: %s' , e )
798+ d ['msg' ] = _ ('msg.mail.change.failed' )
799+ return render (request , 'clickjacking.html' , d )
800+
801+
776802@csrf_exempt
777803def xxe (request ):
778804 request .upload_handlers .insert (0 , QuotaUploadHandler ())
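Review bot: `User.objects.filter(is_superuser=True)` on line 791 of `clickjacking` builds a queryset that is never evaluated or assigned, so it is dead code and should be dropped; the function-scope `from django.contrib.auth.models import User` just above it also looks redundant, since `sqlijc` in this same file already references `User` (confirm the module-level import exists outside this view). The `except Exception` around the lookup hides the one expected failure, a missing user, and reports every other error to the visitor as a failed mail change; narrowing it to `except User.DoesNotExist:` keeps the log line for the real case. `u.email = mail` is saved without any check of the submitted value, and `save()` does not run field validators, so calling `u.full_clean()` before `u.save()` (and surfacing `ValidationError` as the existing failure message) would keep the stored address well-formed. In the `sqlijc` hunk, the switch to `request.POST.get()` means a missing `name` or `password` now reaches the string concatenation as `None` and raises `TypeError` instead of failing on the lookup, so that view needs an `is not None` guard like the one `lotd` already has.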